Identity-Based Security Comes of Age at Infosec18

The annual Infosecurity Europe (Infosec) show was back again at the start of June even bigger and better than before. This year it was heartening to see so many businesses come to realise that an identity-based approach to cybersecurity is one of the best ways to keep regulators happy and threats at bay while driving adoption of agile cloud deployments.

It all made our Zero Trust Security approach an easy sell as we engaged with customers and prospects.

An oasis of calm

Infosec has been running now for over two decades, but I’ve never before seen it on quite such a scale. Hundreds of exhibitors packed the Grand Hall — so many, in fact, that the organisers also opened up an adjacent exhibition space to house them, and a separate keynote theatre in a remote conference centre. But while the sheer size of the event created a great buzz on the conference floor, it also made it difficult for vendors to stand out from the crowd and rise above the noise.

That’s why for the first time we decided to move our main activity away from a traditional stand or booth to a separate lounge. Here, in an oasis of calm, we could network with scores of channel partners, run briefing sessions, and sit down to some really valuable discussions with customers and prospects. For many key clients we’d not been able to meet recently for logistical reasons it served as a useful one-stop shop. Everyone was at the show, so our lounge area provided the perfect venue for series of catch-up meetings.

After three days of Infosec most of our team is usually a bit shell shocked, because the event has all been such a blur. But this year it was noticeable just how energised everyone was, knowing we’d had great meetings and received some fantastic feedback from customers, and even a few envious glances from other vendors.

A new world

The size of the show this year tells us a lot about the current cybersecurity market. Talking to our customers, there was a general perception that many of the players crowding the exhibition halls continued to solve variations of the same old problem in the same old ways. Thus, we got next-generation firewall vendors, anti-virus players, intrusion detection and prevention solutions (IDS/IPS) and more. However, for many customers the issue is that these legacy approaches to cybersecurity simply don’t take account of the changing ways in which they’re working.

Everything is changing to support the modern, cloud and mobile app-based enterprise. Organisations are rapidly evolving and mobility is key. Workers need to be able to access internal-facing applications anywhere, anytime, while at a B2C level customers expect the companies they interact with to offer the kind of intuitive, mobile-centric experiences they’ve now become accustomed to — no matter what industry they play in.

Leading with identity

Amidst all this change, from front-end devices to back-end cloud infrastructure, one thing that remains constant is identity. That’s why it has become a key way to approach cybersecurity. For so long at Infosec identity was seen as a small part of the overall challenge: but this year it was fantastic to see this approach come out of the shadows and start driving some really important discussions.

What’s caused this evolution? We can attribute much to the role of the GDPR in focusing C-level discussions on how to effectively protect key data whilst supporting greater business agility, innovation and growth. For the past 18 months to two years organisations have been on this journey, to the point where at Infosec 2018 we didn’t have to do much education. Organisations already know the value of identity-based security — they just want to know how to implement it.

That’s great news for Centrify and our Zero Trust Security approach. We all know the old perimeter is dead: today, to help ensure maximum protection of your most important systems and data, trust no user. Instead:

  • Verify every single user by asking them to provide something they have, something they know or something they are
  • Validate their device
  • Limit access and privilege
  • Continuously gather behavioural information to learn and adapt policies in real-time

It’s an approach that has already helped Centrify unlock value for countless organisations. We can’t wait for next year’s Infosec to see how much further the industry has come.